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A METHOD AND A SERVER FOR ALLOCATING LOCAL AREA NETWORK 
RESOURCES TO A TERMINAL ACCORDING TO THE TYPE OF TERMINAL 
The field of the invention is that of communication 
between terminals within networks, and more particularly 
5 that of allocating local area network resources to 
terminals . 

Many public and private sector organizations and 
many companies and company groups use wired local area 
networks (LAN) and wireless local apa networks (WLAN) . 
10 These local area networks provide access to local 

information to persons (users) who connect to a network 
access point, e.g. a terminal equipped with a fixed or 
removable LAN or WLAN card. 

However, some local area networks also allow 
15 approved users to access other communication networks, 

for example Internet/ IP type public data networks and/or 
public switched telephone networks (PSTN) . 

In some cases it is even possible to connect a local 
area network to a private network via a public network. 

2 0 In this case, the local area network generally belongs to 

the proprietor of the private network to which it is 
connected. When the proprietor is a company, this 
provides persons that it has approved, who are generally 
some of its employees, with remote access to the 
25 terminals of the company network, and thus to some of its 
data, and in some cases to services made available within 
the company network. However, to secure the data of the 
company, this facility can be used only by persons having 
a terminal configured to communicate with the local area 

3 0 network and the company network while using encryption in 

a chosen format . 

Because only a small number of persons can use the 
local area network resources dedicated to connections to 
remote networks, whether these are private networks, data 
35 networks, or telephone networks, the resources are 

generally underused, although many other persons present 
in their coverage area could benefit from them. 
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Accordingly, an object of the invention is to remedy 
this drawback. 

To this end it proposes a processing server which 
is dedicated to allocating local area network resources 
5 to user terminals and is adapted to be connected to at 
least one local area network access point by wire (for 
example by an Ethernet link) or by wireless (for example 
by an 802.11b radio link) . 

The server is characterized in that it includes 
10 control means adapted, firstly, to classify the terminals 
attempting to establish communication with the local area 
network into a first group or a second group according to 
whether or not communications are encrypted in compliance 
with at least one format and, secondly, to allocate 
15 resources of the local area network to terminals 

attempting to establish communication therewith as a 
function of whether they are classified in the first 
group or the second group. 

The control means are advantageously adapted to 
2 0 determine the medium access control (MAC) address of each 
terminal attempting to establish communication with the 
local area network and the server advantageously includes 
means for allocating an IP address to the terminal having 
the MAC address determined in this way. The allocation 

2 5 means are preferably of the Dynamic Host Configuration 

Protocol (DHCP) type . 

The server preferably further includes a memory for 
storing a table containing primary MAC addresses 
associated with first terminals adapted to exchange data 
30 frames encrypted in compliance with the chosen format. 
The table can also contain secondary MAC addresses 
associated with second terminals adapted to exchange 
unencrypted data frames . 

The control means are then preferably adapted to 

3 5 determine if a MAC address extracted from a received 

frame is a primary or secondary MAC address. If it is, 
the control means send the allocation means a request to 
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allocate the terminal corresponding to the primary or 
secondary MAC address a primary IP address adapted to 
enable it to set up a link with at least one first remote 
network and one second remote network. If not, the 
5 control means send the allocation means a request to 

allocate the terminal corresponding to the MAC address, 
referred to as the "third" terminal, a secondary IP 
address adapted to enable it to set up a connection with 
at least one second remote terminal . 

10 The first terminals are preferably associated with 

the first remote network, which may be connected to at 
least one second remote network. For example, they are 
company terminals, such as portable microcomputers, 
issued to company employees. Also, the second terminals 

15 preferably belong to known users of the first remote 
network. For example, they are mobile telephones 
belonging to company employees or to persons associated 
with the company. 

Each first remote network is advantageously 

2 0 selected from the group comprising private networks, IP 

data networks, and telephone networks (public switched 
telephone networks or otherwise) , and each second remote 
network is preferably selected from the group comprising 
IP data networks and telephone networks (public switched 
25 telephone networks or otherwise) . 

According to another feature of the invention the 
control means can be adapted to allocate at least two 
priority levels for allocation of resources of the local 
area network according to whether communications are 

3 0 encrypted in accordance with the chosen format or not. 

To this end, it is advantageous if the MAC addresses in 
the table are stored in corresponding relationship to at 
least one priority level. For example, a first priority 
level is allocated to first terminals associated with 
3 5 primary MAC addresses and a second priority level is 

allocated to second terminals associated with secondary 
MAC addresses. The control means can also be adapted to 
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allocate a third priority level for allocation of 
resources of the local area network, for example to third 
terminals that set up communications that are not 
encrypted and whose MAC address is not in the table. 
5 Other levels higher than the third level can also be 
envisaged, as a function of the requirements of the 
application. 

The priority levels preferably apply at least to the 
bandwidth allocated to the terminals and the bandwidth 

10 can decrease from the first level to the third level, so 
that the first terminals are given preference. However, 
the control means can change dynamically the allocation 
of bandwidth (or any other priority level) taking account 
of the traffic (or of the available resources) . 

15 Accordingly, when traffic is low, a second level can be 
replaced by a first level and a third level can be 
replaced by a second level, and when traffic is very low, 
a third level can be replaced by a first level . The 
opposite approach is equally possible when the traffic is 

2 0 very high, in which case a first level can be replaced by 

a second level, or even a third level, or a second level 
can be replaced by a third level. 

However, the priority levels can equally apply to 
rights of access to local or remote databases, and in 
25 particular to rights of access to audio and/or video 
data, for example in the context of video on demand 
applications, or to rights of access to physical 
resources, such as a dedicated terminals or printers. 
For example, a server of the invention can be 

3 0 integrated into a router in order to mask the addressing 

plan of the first remote network (for example a company 
private network) . However, it can equally well be 
integrated into an access point . 

The invention also provides a communication 
35 installation including at least one local area network, 
for example a wireless local area network (WLAN) , 
accessible via at least one access point, at least one 
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first remote network, at least one second remote network, 
and a processing server of the kind defined above 
connected to at least one access point and to the first 
and second remote networks . 
5 In this installation, the processing server is 

preferably connected to the first remote network via a 
virtual private network (VPN) . However, it could instead 
be is connected to the first remote network via a remote 
access server (RAS) . 

10 The invention further provides a method of 

allocating resources of a local area network to user 
terminals via at least one access point to the local area 
network, which method consists in, firstly, in the case 
of an attempt at setting up a connection with the local 

15 area network by a terminal, classifying the terminal in a 
first group or a second group according to whether the 
connection is encrypted in accordance with at least one 
chosen format or not and, secondly, allocating resources 
of the local area network to the terminal as a function 

2 0 of whether it is classified in the first group or the 
second group . 

In the event of an attempt by a terminal to set up 
a connection with the local area network, its MAC address 
is advantageously determined and an IP address is then 

2 5 allocated to the terminal having the MAC address 

determined in this way. 

A table containing primary MAC addresses associated 
with first terminals adapted to exchange data frames 
encrypted in accordance with the chosen format is 

3 0 preferably provided and preferably also contains 

secondary MAC addresses associated with second terminals 
adapted to exchange unencrypted data frames . 

When the above kind of table is present, the method 
can determine if a MAC address extracted from a received 
3 5 frame is a primary or secondary MAC address; if so, the 
terminal corresponding to that primary or secondary MAC 
address is allocated a primary IP address so that it can 



set up a connection with at least one first remote 
network and one second remote network; if not, the 
terminal corresponding to the MAC address, referred to as 
a third terminal, is allocated a secondary IP address so 
5 that it can set up a connection with a least one second 
remote network . 

According to another feature of the invention at 
least two levels of priority for allocation of resources 
of the local area network can be allocated according to 

10 whether communications are encrypted in accordance with 
the chosen format or not. In this case, the MAC 
addresses in the table are advantageously stored in 
corresponding relationship to at least one priority 
level, whereby a first priority level can be allocated to 

15 first terminals associated with primary MAC addresses and 
a second priority level can be allocated to second 
terminals associated with secondary MAC addresses. The 
third terminals can be allocated a third level of 
priority for allocation of resources of the local area 

2 0 network. 

The priority levels preferably relate at least to 
the bandwidth allocated to the terminals, which can 
decrease from the first level to the third level, for 
example. However, the allocation of bandwidth can 
25 equally well change dynamically, taking account of the 
traffic (or the available resources) . 

The invention can be implemented in public 
communication networks (PSTN and PLMN) , and in particular 
in pubic mobile communication networks (GSM, GPRS, and 
30 UMTS networks) or private networks (PABX and residential 
gateways) able to use fixed wireless access, such as 
WLAN, Bluetooth or Ultra Wide Band (UWB) networks. 

Other features and advantages of the invention will 
become apparent on reading the following detailed 

3 5 description and examining the single figure of the 

appended drawing, which shows diagrammatically one 
example of a communication installation equipped with a 
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processing server of the invention. This figure is 
intended to contribute not only to describing the 
invention but also, where appropriate, to defining the 
invention . 

5 The installation shown in the single figure includes 

a private company network CN, a wireless local area 
network WLAN belonging to a group of companies, for 
example, a public switched telephone network PSTN 
belonging to a telephone carrier, a^d a public data 

10 network Internet/IP. 

The local area network WLAN has one or more access 
points 1 connected to an edge router 2 in turn connected 
to the public switched telephone network PSTN and to the 
public data network Internet/IP. In the example shown, 

15 the access point 1 is connected to the edge router 2 by a 
cable 3, preferably an Ethernet link. However, the 
connection could instead be a wireless connection, for 
example an 802.11b radio link. 

The company network CN is connected firstly to the 

2 0 public switched telephone network PSTN via a company 

server (or gateway) 4 and secondly to the edge router 2 
via an IP router 5 having the proxy or firewall function 
and the public data network Internet/IP, preferably via a 
virtual private network (VPN) 6 which secures data by 

2 5 tunneling. A remote access server RAS, possibly coupled 

to a gateway type router, could be used instead of the 
VPN link. 

Furthermore, the installation also includes one or 
more routers or gateways 7 of infrastructures which 

3 0 belong to Internet service providers ISP and each of 

which is connected to the public switched telephone 
network PSTN and to the public data network Internet/IP. 

The local area network is preferably a wireless 
local area network (WLAN) , a Bluetooth or Ultra Wide Band 
35 (UWB) network, or a cable local area network (LAN) . 
Moreover, the company network CN is, for example, a 
private automatic branch exchange (PABX) , possibly of the 
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wireless type (conforming to the digital European 
cordless telecommunications (DECT) standard) . 
Furthermore, although the telephone network is preferably 
a public switched telephone network (PSTN) , it could 
5 instead be a public land mobile network (PLMN) , such as a 
GSM, GPRS or UMTS network, for example. Of course, the 
invention is not limited to these types of network, or to 
the chosen number of networks. Thus there could co-exist 
a plurality of private networks each having access to one 

10 or more local area networks, a plurality of public data 
networks and a plurality of public switched telephone 
networks, or only to a plurality of public data networks 
and a plurality of public switched telephone networks. 

The invention is intended to enable persons having 

15 access to a communication terminal 8 equipped with a 

removable or integrated LAN or WLAN card 9 to access one 
or more networks of the installation, referred to as 
remote networks, under conditions to be described later, 
when they are in the coverage area of a wireless local 

2 0 area network. 

In the example shown, where the local area network 
is a wireless local area network, the communication 
terminals 8 are mobile telephones, portable 

microcomputers, or personal digital assistants (PDA) , for 
25 example. Each communication terminal 8 has a medium 

access control (MAC) address (at level 2 of the ISO's OSI 
model) , which is generally placed in the header of the 
data frames that it transmits. 

Three types of communication terminal 8 are defined. 

3 0 A first type of terminal is a mobile terminal 8a that 

belongs to (or is associated with) the company to which 
the wireless local area network WLAN and the company 
network CN belong. In the case of a company, the 
terminals 8a are generally portable microcomputers fitted 
3 5 with a WLAN card 9 configured to enable exchange of 

encrypted data with one of the access points 1 of the 
WLAN using a first format and with the company network CN 
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using a second format. The first and second formats are 
generally different, as it is usual for the access point 
itself to encrypt data frames received from a terminal 8a 
using an algorithm and a key supplied to it by the 
5 manager of the company network CN. The MAC addresses of 
the terminals 8a, which are referred to as primary 
terminals, are also known to the company and stored in a 
server of the company network CN. 

A second type of terminal is a mobile terminal 8b 

10 that generally belongs to an employee of the company or 
outside persons working for the company, for example 
consultants. The terminals 8b are generally mobile 
telephones fitted with a fixed WLAN card. However, this 
card is not configured to enable the exchange of 

15 encrypted data with one of the access points 1 of the 

WLAN or with the company network CN. The MAC addresses 
of the terminals 8b, which are referred to as secondary 
terminals, are nevertheless known to the company and 
stored in the server of the company network CN previously 

20 referred to. 

A third type of terminal is a mobile terminal 8c 
that belong to a person outside the company. The 
terminals 8c are mobile telephones, personal digital 
assistants, or microcomputers, fitted with a WLAN card. 

2 5 However, the card is not configured to enable the 

exchange of encrypted data with one of the access points 
1 of the wireless local area network WLAN or with the 
company network CN. The MAC addresses of the terminals 
8c, which are referred to as tertiary terminals, are 

3 0 unknown to the company . 

A processing server 10 is provided, preferably in 
the edge router 2, to enable the terminals 8 (a-c) to 
access some or all of the networks of the installation, 
according to their type. This server could instead be 
35 provided in one of the access points of the wireless 
local area network. 

When a terminal 8 (a-c) is in the coverage area of 
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the wireless local area network WLAN and wishes to set up 
a connection with a remote network of the installation, 
it transmits to the access point 1 a connection request 
in the form of a data frame containing its MAC address in 
5 its header. If the terminal is a first terminal 8a, the 
frames that it sends are already encrypted in accordance 
with a first format. On receiving the encrypted frame, 
the access point 1 determines or verifies the algorithm 
that it must apply to the encrypted frame using the key 

10 that was supplied to it by the manager of the company 
network CN to convert it into a frame encrypted in 
accordance with a second format. 

It is important to note that this determination can 
be based on the content of the header of the frame, 

15 although this is not obligatory. In other words, the 

access point 1 does not necessarily have to determine or 
verify the algorithm that it must apply to the frames 
received from the data contained in those frames. 
Moreover, it is important to note that frames encrypted 

2 0 in accordance with the first format and the same frames 
unencrypted are processed by parallel processes. 

Once the access point 1 has encrypted the frame in 
accordance with the second format, it forwards it to the 
processing server 2 . 

25 Otherwise, if the terminal is a second terminal 8b 

or a third terminal 8c, the frames that it sends are 
unencrypted. Consequently, as soon as the access point 1 
receives frames from these terminals, it forwards them to 
the processing server 2 . 

30 The processing server 10 includes a control module 

11 which analyses each data frame transmitted by the 
access point 1. To be more precise, the control module 
11 determines if the frame is encrypted in accordance 
with the second format or not. If so, the control module 

35 11 classifies the terminal that sent it in a first group 
corresponding to the first terminals 8a, which are 
authorized to access the company network CN and the 
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public networks, in this example the public switched 
telephone network PSTN and the public data network 
Internet/IP. If not, it classifies the terminal that 
sent it in a second group corresponding to the second 
5 terminals 8b or the third terminals 8c, which are a 

priori authorized only to access the public networks, in 
this example the pubic switched telephone network PSTN 
and the public data network Internet /IP. 

The control module 11 then assigns resources of the 
10 wireless local area network WLAN to the terminal, but 
without actually allocating them, and the terminal 
attempts to connect to the remote networks, as a function 
of whether it is classified in the first or the second 
group . 

15 In a basic embodiment of the invention, processing 

continues with the transmission of instructions by the 
control module 11 to the access point 1 to which the 
terminal 8 that submitted the connection request is 
connected, including a request to allocate the terminal 

2 0 resources of a first or second type, depending on whether 

it is a first terminal 8a, a second terminal 8b, or a 
third terminal 8c. For example, the first terminals 8a 
are allocated a high bandwidth whereas the second 
terminals 8b and the third terminals 8c are allocated a 

25 low bandwidth. The first terminals 8a can then, in the 
conventional way, connect to any of the remote networks 
(company network CN, data network Internet/ IP, or public 
switched telephone network PSTN) , whereas the second 
terminals 8b and third terminals 8c can connect only to 

30 the public data network Internet/IP or the public 
switched telephone network PSTN, as if they were 
connected directly to the edge router 2 . 

However, the priority levels can relate to 
parameters other than the bandwidth, for example the 

3 5 right of access to local or remote databases, and in 

particular to stockmarket or weather databases, or to 
audio and/or video databases, for example in the context 



of video streaming or video on demand applications, or 
the right of access to physical resources such as 
dedicated terminals or printers. 

In this basic embodiment of the invention, the 
5 processing effected by the processing server 10 therefore 
ceases at this stage. 

However, the invention goes further than this. It 
proposes that the second terminals 8b, which generally 
belong to employees of the company, ^ave the benefit of 

10 access to the company network CN, even though their 

terminals are not configured to transmit frames encrypted 
in accordance with the first format. To this end, the 
control module 11 is adapted to determine the MAC address 
contained in the header of the frame initially supplied 

15 to it by the access point 1, at the time of a connection 
request submitted by a terminal 8, and after determining 
whether the request was encrypted or not. Once this has 
been determined, the terminal 8 can send an IP address 
allocation request to the processing server 10. The 

20 latter includes an IP address allocation module 12 

coupled to the control module 11, and preferably taking 
the form of a Dynamic Host Configuration Protocol (DHCP) 
server. 

As the person skilled in the art knows, a DHCP 
25 allocation module automatically distributes an IP address 
to a terminal or an equipment unit that wishes to 
dialogue with equipment situated outside a local area 
network. It generally constitutes a superset of BOOTP . 
Unlike the Internet address, the IP address actually 
30 (i.e. physically) identifies a terminal. It generally 
consists of four numbers in the range [0-255] separated 
by full stops. An IP address and an Internet address are 
generally linked by a Domain Name System (DNS) server. 

Once the allocation module 12 has allocated an IP 
3 5 address to the terminal 8 whose MAC address has been 
determined by the control module 11, the terminal can 
dialogue with equipment units in the remote networks, if 
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it is an approved terminal. 

The processing server 11 preferably includes a 
memory 13 storing a table containing primary MAC 
addresses associated with first terminals 8a and 
5 preferably containing secondary MAC addresses associated 
with second terminals 8b. This table is supplied by the 
manager of the company network CN, preferably via the VPN 
link 6. As a general rule, all management information 
for configuring the processing server 10 is transmitted 

10 by the manager of the company network CN, preferably via 
the VPN link 6. 

The control module 11 can access the memory 13 to 
verify if the MAC address that it has determined in the 
header of the frame received is a primary MAC address, a 

15 secondary MAC address, or a tertiary MAC address if it 
belongs to a third terminal 8c whose MAC address is 
unknown . 

If the MAC address of the terminal 8a or 8b is a 
primary or secondary MAC address, the control module 11 

2 0 sends the allocation module 12 a request to allocate the 

terminal concerned a primary IP address (company IP 
address) to enable it to set up a link with one of the 
remote networks to which the local area network is 
connected via the edge router 2 , including the company 

25 network CN. On the other hand, if the MAC address of the 
terminal 8c is a tertiary MAC address (in other words, if 
it is not ,in the table stored in the memory 13) , the 
control module 11 sends the allocation module 12 a 
request to allocate the terminal in question a secondary 

30 IP address (non-company IP address) enabling it to set up 
a link with the Internet/IP network via the 
infrastructure 7 of its service provider or with the 
public switched telephone network PSTN, possibly via a 
telephone access server, and not with the company network 

3 5 CN, since it is not approved by the latter. 

However, the control module 11 can also be adapted 
to allocate a plurality of WLAN resource allocation 
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priority levels according to whether communications are 
encrypted in accordance with the second format or not . 
The objective is to give the first terminals 8a priority 
over the second terminals 8b and the second terminals 8b 
5 priority over the third terminals 8c. 

To this end, each primary and secondary MAC address 
from the table is stored in corresponding relationship to 
a priority level. For example, the table can be divided 
into two parts, one containing primary MAC addresses 

10 associated with a first priority level and the other 
containing secondary MAC addresses associated with a 
second priority level. By a process of deduction, the 
third terminals 8c associated with an (unknown) tertiary 
MAC address are automatically allocated a third priority 

15 level . 

The priority levels preferably relate at least to 
the bandwidth allocated to the terminals 8. For example, 
the bandwidth decreases from the first level to the third 
level to give first terminals 8a belonging to the company 
2 0 priority over second terminals 8b belonging to employees 
of the company or to persons associated therewith and to 
give second terminals 8b priority over third terminals 8c 
belonging to persons outside the company. The priority 
level that is allocated to a terminal 8 is communicated 

2 5 to the access point 1 which is the equipment unit of the 

wireless local area network WLAN responsible for 
allocating resources of that network. 

Moreover, in order to take account of the conditions 
of use of the resources of the wireless local area 

3 0 network WLAN in real time, the control module 11 is 

preferably able to modify dynamically the priority level 
that it allocates to the terminal 8 on the basis of 
information contained in the address table. For example, 
if the control module 11 has allocated a second terminal 
3 5 8b a second priority level (that corresponds to an 

intermediate bandwidth, for example) , and the traffic on 
the wireless local area network WLAN is low or moderate 
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(which corresponds to a large number of available 
resources) , it can decide to change this second level 
into a first level (corresponding to the greatest 
bandwidth, for example) . Under the same traffic 
5 conditions, the control module 11 could also decide to 
change a third priority level allocated to a third 
terminal 8c into a second level. Moreover, if the 
traffic of the wireless local area network WLAN is very 
low (which corresponds to a very la^ge number of 

10 available resources) , the control module 11 can decide to 
change a third priority level allocated to a third 
terminal 8c into a first level. 

The opposite approach can also be envisaged. 
Indeed, it may happen that the traffic in a wireless 

15 local area network WLAN is very high and that it is not 
possible to satisfy the demands of all the terminals 8, 
including the first terminals 8a. Consequently, the 
control module 11 can be adapted to change a first 
priority level allocated to a first terminal 8a into a 

2 0 second level or even a third level (corresponding to the 
lowest bandwidth) . Similarly, it can change a second 
priority level allocated to a second terminal 8b into a 
third level. 

Instead of or in addition to this, defining user 
25 profiles associated with some of the MAC addresses from 
the table can be envisaged. Accordingly, when the 
control module recognizes an MAC address of this kind, it 
can command the access point to allocate the terminal 
having that MAC address resources corresponding to the 
30 associated profile. 

A few examples of the operation of an installation 
of the invention are described next. 

Once the control module 11 has determined the MAC 
address, and where applicable the associated priority 
35 level (or profile) , and the allocation module 12 has 
allocated an IP address to the terminal 8, the latter 
can, if it is a first terminal 8a or a second terminal 8b 
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of the microcomputer type, access in the conventional way 
either the company network CN via the proxy router 5 or 
the data network Internet/IP via the VPN link 6. The 
proxy router 5 generally prompts the terminal user to 
identify himself by entering his login name and his 
password. If the first terminal 8a or the second 
terminal 8b is a mobile telephone, it is conventionally 
routed to the company gateway server 4 in order to be 
connected to the public switched telephone network PSTN 
or directly to a terminal of an employee of the company 
(via the internal telephone network) . If the calling 
user transmits only one name, his call can be processed 
by a company Domain Name System (DNS) server or by a 
company Lightweight Directory Access Protocol (LDAP) 
directory. 

If the terminal is a third terminal 8c of the 
microcomputer type, it can conventionally access only the 
data network Internet/IP via the infrastructure 7 of its 
usual Internet service provider ISP. It can use its 
browser for this. During the phase of identification of 
the user of the third terminal 8c by the ISP, the latter 
can decide to change the secondary IP address previously 
allocated by the allocation module 12 . 

Finally, if the terminal is a third terminal 8c of 
the mobile telephone type, two options can be envisaged. 
If the telephone 8c is a GSM, GPRS or UMTS telephone with 
an integrated local directory, the edge router 2 
allocates it a media-gateway type characteristic, for 
example in accordance with the IETF Media Gateway Control 
Protocol (MGCP) , which enables it to access directly the 
public switched telephone network PSTN. If not, the call 
is routed by the edge router 2 to the infrastructure 7 of 
the user's Internet service provider ISP which processes 
it by conventional name conversion, connection to the 
public switched telephone network PSTN, and the like, for 
example . 

The control module 11 and the allocation module 12 



of the processing server 10 of the invention can take the 
form of electronic circuits, software (or data 
processing) modules, or a combination of circuits and 
software . 

The invention also provides a method of allocating 
resources of a wireless local area network (WLAN) or a 
cable local area network (LAN) to user terminals 8 via at 
least one access point 1. 

This can be done using the processing server 8 and 
the communication installation described hereinabove. 
The main and optional functions and sub- functions 
provided by the steps of the method being substantially 
identical to those provided by the various means 
constituting the processing server 10 and the 
installation, only the steps implementing the main 
functions of a method of the invention are summarized 
hereinafter. 

In a method of the invention, when a terminal 8 
attempts to set up a connection with the wireless local 
area network WLAN, it is, firstly, classified in a first 
group or a second group according to whether the link is 
encrypted in accordance with at least one chosen format 
or not and, secondly, allocated resources of the wireless 
local area network WLAN as a function of whether it is 
classified in the first group or the second group. 

Preferably, when a terminal 8 attempts to set up a 
connection with the wireless local area network WLAN, its 
MAC address is determined and it is then allocated an IP 
address . 

Moreover, in the presence of a MAC address table, it 
is possible to determine if the MAC address extracted 
from a received frame is a primary or secondary MAC 
address and, if so, to allocate the terminal 8 (a, b) 
corresponding to that primary or secondary MAC address a 
primary IP address enabling it to set up a connection 
with at least one first remote network or at least one 
second remote network and, if not, to allocate the 
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terminal 8c corresponding to the MAC address, referred to 
as a third terminal, a secondary IP address enabling it 
to set up a connection with at least one second remote 
network. 

5 Furthermore, at least two priority levels for 

allocation of resources of the wireless local area 
network WLAN can be allocated according to whether 
communications are encrypted in the chosen format or not. 
In this case, it is advantageous if the MAC addresses in 

10 the table are stored in corresponding relationship to at 
least one priority level, in which case a first priority 
level can be allocated to first terminals 8a associated 
with primary MAC addresses and a second priority level 
can be allocated to second terminals 8b associated with 

15 secondary MAC addresses. A third priority level for 
allocation of local area network resources to third 
terminals 8c can also allocated. 

Thanks to the invention, it is now possible for 
persons who have no a priori authorization to access 

2 0 remote networks connected to a cable local area network 

(LAN) or a wireless local area network (WLAN) 
nevertheless to access at least some of the remote 
networks, provided that the local area network concerned 
has sufficient resources available. Such access can be 
25 charged or f ree -of -charge . This significantly improves 
the mobility of the communication terminals. Moreover, 
it enables local area network proprietors to make access 
to data or telephone networks available to all potential 
users . Thus in areas that do not have good radio 

3 0 coverage, by installing a local area network of moderate 

cost, all users requiring to do so can connect to the 
network of their telephone carrier and even to the 
Internet . 

Furthermore, the invention can define priority 
35 levels for allocating local area network resources, or 

even specific resource allocation profiles, regardless of 
the type of resource concerned, including physical 
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resources such as printers or database access terminals. 

The invention is not limited to the embodiments of a 

method, a server and an installation described 

hereinabove by way of example only, but encompasses all 
5 variants falling within the scope of the following claims 

that the person skilled in the art might envisage. 
Thus in the foregoing description there are 

references to priority levels applying to bandwidths . 

However, the invention can apply to any other priority 
10 level relating to the modes of allocating resources of a 

local area network, and in particular physical resources 

such as printers and terminals providing access to 

databases of any type, in particular stockmarket and 

weather databases . 
15 Moreover, an application of the invention to 

wireless local area networks (WLAN) has been described. 

However, the invention applies equally well to cable 

local area networks (LAN) , Bluetooth and UWB local area 

networks . 

20 Moreover, an installation in which the local area 

network belongs to a company or to a group of companies 
having a private network (or first remote network) 
connected to said local area network has been described. 
However, the invention relates equally well to local area 

2 5 networks that are not connected to private networks. In 

this case, the local area network can be connected only 
to one or more data networks (or first or second remote 
networks) and/ or to one or more telephone networks (or 
first or second remote networks) . 

3 0 Furthermore, a company private network has been 

referred to, but the invention applies to any private 
network that is connected to a local area network via a 
processing server of the invention. 

Finally, a processing server installed in a router 
3 5 has been described. However, the processing server can 

equally well be installed in an access point of the local 
area network. 



